I am struggeling with XWiki and tight Security vs Rights management: What is the correct way to secure a Space completely so none other than members of a specific Group can have access (including RSS, View, Search etc); others should not even know the Space and its document exists: Is the correct way to have all View/Comment/Edit/Delete/Admin "blank" for all except the specific Group, which should have "View" and whatever other rights, or should I specifically also Deny View/Comment/etc for Unregistered Users and/or XWikiAllGroup ? The problem I am struggeling with, is that I tried to Deny View in SecretSpace to XWikiAllGroup and Allow View in SecretSpace to TrustedGroup. This lead to members of TrustedGroup not being able to see the pages in the SecretSpace. What I am afraid of, is that not specifically denying View rights to XWikiAllGroup, can cause SecretSpace to somehow be visible to others. Best regards, Robert Hercz